dounieqi6959 2014-09-22 08:56
Views: 46
Accepted

FOS: an unauthorized user is accessing a URL

My ROLE_ADMIN user can access the backend/user URL although I didn't grant him the permission to do so. This is the first time I'm using FOS so I might be making a silly mistake below. I read the documentation. What should I do to avoid this access problem?

Thanks in advance

security.yml

role_hierarchy:
    ROLE_ADMIN: ROLE_USER
    ROLE_SUPER_ADMIN: [ROLE_USER, ROLE_ADMIN, ROLE_ALLOWED_TO_SWITCH]

access_control:
    - { path: ^/login$, role: IS_AUTHENTICATED_ANONYMOUSLY }
    - { path: ^/register, role: IS_AUTHENTICATED_ANONYMOUSLY }
    - { path: ^/resetting, role: IS_AUTHENTICATED_ANONYMOUSLY }
    - { path: ^/backend, role: ROLE_ADMIN }
    - { path: ^/backend/user, role: ROLE_SUPER_ADMIN }

USERS

mbp:symfony$ php app/console fos:user:create user user@foobar user
Created user user
mbp:symfony$ php app/console fos:user:promote user ROLE_USER
User "user" did already have "ROLE_USER" role.

mbp:symfony$ php app/console fos:user:create admin admin@foobar admin
Created user admin
mbp:symfony$ php app/console fos:user:promote admin ROLE_ADMIN
Role "ROLE_ADMIN" has been added to user "admin".

mbp:symfony$ php app/console fos:user:create superadmin superadmin@foobar superadmin
Created user superadmin
mbp:symfony$ php app/console fos:user:promote superadmin ROLE_SUPER_ADMIN
Role "ROLE_SUPER_ADMIN" has been added to user "superadmin".

2 answers

  • doushi3189 2014-09-22 09:17

    The access control uses the first matching rule to enforce access, so your rules stop at - { path: ^/backend, role: ROLE_ADMIN }, meaning that the rule after it is never reached.

    To get this working in the way that you were expecting, you should switch the order of your rules around to match:

    access_control:
        - { path: ^/login$, role: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/register, role: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/resetting, role: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/backend/user, role: ROLE_SUPER_ADMIN }
        - { path: ^/backend, role: ROLE_ADMIN }
    
    This answer was selected as the best answer by the asker.
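To make the first-match behaviour described in the answer concrete, here is an added Python model of how access_control rules are evaluated against the asker's role_hierarchy; it is not Symfony's own code and not part of the original post. The rule dictionaries, the regex matching, and treating a path with no matching rule as unrestricted are assumptions of the model.

```python
import re

# Constructed model (not Symfony's implementation): access_control rules are
# scanned top to bottom and the FIRST rule whose path regex matches decides
# the required role. Later rules are never consulted for that request.
ROLE_HIERARCHY = {
    "ROLE_ADMIN": ["ROLE_USER"],
    "ROLE_SUPER_ADMIN": ["ROLE_USER", "ROLE_ADMIN", "ROLE_ALLOWED_TO_SWITCH"],
}

def reachable_roles(roles):
    """Expand a user's roles transitively through the hierarchy."""
    seen, stack = set(), list(roles)
    while stack:
        role = stack.pop()
        if role not in seen:
            seen.add(role)
            stack.extend(ROLE_HIERARCHY.get(role, []))
    return seen

def first_matching_rule(access_control, path):
    """Return the first rule whose regex matches the path, or None."""
    for rule in access_control:
        if re.search(rule["path"], path):
            return rule
    return None

def is_granted(access_control, user_roles, path):
    """Decide access for a request path using first-match semantics."""
    rule = first_matching_rule(access_control, path)
    if rule is None:
        return True  # assumption: no rule means no restriction from access_control
    if rule["role"] == "IS_AUTHENTICATED_ANONYMOUSLY":
        return True
    return rule["role"] in reachable_roles(user_roles)

# The asker's original order: the broad ^/backend rule shadows ^/backend/user.
ORIGINAL = [
    {"path": r"^/login$", "role": "IS_AUTHENTICATED_ANONYMOUSLY"},
    {"path": r"^/register", "role": "IS_AUTHENTICATED_ANONYMOUSLY"},
    {"path": r"^/resetting", "role": "IS_AUTHENTICATED_ANONYMOUSLY"},
    {"path": r"^/backend", "role": "ROLE_ADMIN"},
    {"path": r"^/backend/user", "role": "ROLE_SUPER_ADMIN"},
]
# The answer's fix: the more specific path comes before the general one.
FIXED = ORIGINAL[:3] + [ORIGINAL[4], ORIGINAL[3]]

if __name__ == "__main__":
    for name, rules in (("original", ORIGINAL), ("fixed", FIXED)):
        print(name, "ROLE_ADMIN -> /backend/user:",
              is_granted(rules, ["ROLE_ADMIN"], "/backend/user"))
```

Running it prints True for the original order and False for the fixed order, which is exactly the shadowing the answer describes.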